| blob | 422d453de59c07199bcef614892aed082b69009c |
1 /* ***** BEGIN LICENSE BLOCK *****
2 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
3 *
4 * The contents of this file are subject to the Mozilla Public License Version
5 * 1.1 (the "License"); you may not use this file except in compliance with
6 * the License. You may obtain a copy of the License at
7 * http://www.mozilla.org/MPL/
8 *
9 * Software distributed under the License is distributed on an "AS IS" basis,
10 * WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
11 * for the specific language governing rights and limitations under the
12 * License.
13 *
14 * The Original Code is the Netscape security libraries.
15 *
16 * The Initial Developer of the Original Code is
17 * Netscape Communications Corporation.
18 * Portions created by the Initial Developer are Copyright (C) 1994-2000
19 * the Initial Developer. All Rights Reserved.
20 *
21 * Contributor(s):
22 *
23 * Alternatively, the contents of this file may be used under the terms of
24 * either the GNU General Public License Version 2 or later (the "GPL"), or
25 * the GNU Lesser General Public License Version 2.1 or later (the "LGPL"),
26 * in which case the provisions of the GPL or the LGPL are applicable instead
27 * of those above. If you wish to allow use of your version of this file only
28 * under the terms of either the GPL or the LGPL, and not to allow others to
29 * use your version of this file under the terms of the MPL, indicate your
30 * decision by deleting the provisions above and replace them with the notice
31 * and other provisions required by the GPL or the LGPL. If you do not delete
32 * the provisions above, a recipient may use your version of this file under
33 * the terms of any one of the MPL, the GPL or the LGPL.
34 *
35 * ***** END LICENSE BLOCK ***** */
40 /* Declare SSL cipher suites. */
49 0
50 };
66 0
67 };
69 /**************************************************************************
70 **
71 ** SSL callback routines.
72 **
73 **************************************************************************/
75 /* Function: char * myPasswd()
76 *
77 * Purpose: This function is our custom password handler that is called by
78 * SSL when retreiving private certs and keys from the database. Returns a
79 * pointer to a string that with a password for the database. Password pointer
80 * should point to dynamically allocated memory that will be freed later.
81 */
84 {
89 }
92 }
94 /* Function: SECStatus myAuthCertificate()
95 *
96 * Purpose: This function is our custom certificate authentication handler.
97 *
98 * Note: This implementation is essentially the same as the default
99 * SSL_AuthCertificate().
100 */
101 SECStatus
104 {
106 SECCertUsage certUsage;
110 SECStatus secStatus;
115 }
117 /* Define how the cert is being used based upon the isServer flag. */
126 cert,
127 checksig,
128 certUsage,
129 pinArg);
131 /* If this is a server, we're finished. */
135 }
137 /* Certificate is OK. Since this is the client side of an SSL
138 * connection, we need to verify that the name field in the cert
139 * matches the desired hostname. This is our defense against
140 * man-in-the-middle attacks.
141 */
143 /* SSL_RevealURL returns a hostName, not an URL. */
151 }
158 }
160 /* Function: SECStatus myBadCertHandler()
161 *
162 * Purpose: This callback is called when the incoming certificate is not
163 * valid. We define a certain set of parameters that still cause the
164 * certificate to be "valid" for this session, and return SECSuccess to cause
165 * the server to continue processing the request when any of these conditions
166 * are met. Otherwise, SECFailure is return and the server rejects the
167 * request.
168 */
169 SECStatus
171 {
174 PRErrorCode err;
176 /* log invalid cert here */
180 }
184 /* If any of the cases in the switch are met, then we will proceed */
185 /* with the processing of the request anyway. Otherwise, the default */
186 /* case will be reached and we will reject the request. */
208 }
213 }
215 /* Function: SECStatus ownGetClientAuthData()
216 *
217 * Purpose: This callback is used by SSL to pull client certificate
218 * information upon server request.
219 */
220 SECStatus
226 {
244 }
245 }
257 proto_win);
260 }
262 /* Only check unexpired certs */
267 }
274 }
277 }
280 }
281 }
286 }
289 }
291 /* Function: SECStatus myHandshakeCallback()
292 *
293 * Purpose: Called by SSL to inform application that the handshake is
294 * complete. This function is mostly used on the server side of an SSL
295 * connection, although it is provided for a client as well.
296 * Useful when a non-blocking SSL_ReHandshake or SSL_ResetHandshake
297 * is used to initiate a handshake.
298 *
299 * A typical scenario would be:
300 *
301 * 1. Server accepts an SSL connection from the client without client auth.
302 * 2. Client sends a request.
303 * 3. Server determines that to service request it needs to authenticate the
304 * client and initiates another handshake requesting client auth.
305 * 4. While handshake is in progress, server can do other work or spin waiting
306 * for the handshake to complete.
307 * 5. Server is notified that handshake has been successfully completed by
308 * the custom handshake callback function and it can service the client's
309 * request.
310 *
311 * Note: This function is not implemented in this sample, as we are using
312 * blocking sockets.
313 */
314 SECStatus
316 {
319 }
322 /**************************************************************************
323 **
324 ** Routines for disabling SSL ciphers.
325 **
326 **************************************************************************/
328 void
330 {
333 SECStatus rv;
335 /* disable all the SSL3 cipher suites */
344 }
345 }
346 }
348 /**************************************************************************
349 **
350 ** Error and information routines.
351 **
352 **************************************************************************/
354 void
356 {
362 }
364 void
366 {
368 /* Exit gracefully. */
369 /* ignoring return value of NSS_Shutdown as code exits with 1*/
373 }
375 void
377 {
401 }
404 /**************************************************************************
405 ** Begin thread management routines and data.
406 **************************************************************************/
408 void
410 {
414 /* wait for parent to finish launching us before proceeding. */
423 /* notify the thread exit handler. */
427 }
429 SECStatus
434 {
442 }
446 }
451 }
454 /* something's really wrong here. */
458 }
462 }
479 }
488 }
490 SECStatus
492 {
504 /* Handle cleanup of thread here. */
507 /* Now make sure the thread has ended OK. */
512 /* notify the thread launcher. */
514 }
515 }
516 }
518 /* Safety Sam sez: make sure count is right. */
524 }
525 }
528 }
530 void
532 {
538 }
542 }
546 }
547 }
549 /**************************************************************************
550 ** End thread management routines.
551 **************************************************************************/
553 void
555 {
560 }
562 void
564 {
570 }
572 void
574 {
578 }
580 }
584 {
591 }
594 }